Bad Image Error! [Solved]


#1
uresai

uresai

    Member

  • Member
  • PipPip
  • 10 posts
Hi guys, I'm new here and I didn't really know where to put this. I know it's holiday time and all, and I don't know if you guys are going to be able to help me today, but I get a Bad Image error. I've checked with HijackThis and this is what I get in the log report. I've got an impression that the Tedpike thing is the problem here because I can't find anything about it on the internet and none of my programs go by this name. I use Ares for my P2P music and this error isn't caused by Ares. I've also got Malwarebytes, Spybot and HijackThis.

report log :




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:44:44, on 26/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
O2 - BHO: (no name) - {13d841e2-6a62-437f-9a14-562acc4bf990} - C:\WINDOWS\system32\zunadahi.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {99C6D1BB-7555-474C-91DA-D8FB62A9CC75} - (no file)
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [CPMfb0ff557] Rundll32.exe "c:\windows\system32\tepidike.dll",a
O4 - HKLM\..\Run: [bemifidomo] Rundll32.exe "C:\WINDOWS\system32\dewukobe.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [bemifidomo] Rundll32.exe "C:\WINDOWS\system32\dewukobe.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [bemifidomo] Rundll32.exe "C:\WINDOWS\system32\dewukobe.dll",s (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Download videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.appl...meInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gayel13.space...ad/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.updat...b?1213928891812
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safe...wlscbase969.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1155675640768
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1155677157421
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/...O1.cab60096.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\hizapego.dll c:\windows\system32\tepidike.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\tepidike.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\tepidike.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 9094 bytes
  • 0
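A triage pass over the HijackThis log posted above, as an added example that is not part of the original thread or of HijackThis itself. It groups autostart entries (O2, O4, O20, O21, O22) by the file they load and reports files that are started through rundll32, listed in AppInit_DLLs, registered as an unnamed BHO, or registered in several autostart locations at once; the heuristics and the names `parse`, `triage` and `AUTOSTART` are assumptions chosen for illustration, and a hit is a lead for review, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {13d841e2-6a62-437f-9a14-562acc4bf990} - C:\WINDOWS\system32\zunadahi.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CPMfb0ff557] Rundll32.exe "c:\windows\system32\tepidike.dll",a
O4 - HKLM\..\Run: [bemifidomo] Rundll32.exe "C:\WINDOWS\system32\dewukobe.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [bemifidomo] Rundll32.exe "C:\WINDOWS\system32\dewukobe.dll",s (User 'LOCAL SERVICE')
O20 - AppInit_DLLs: C:\WINDOWS\system32\hizapego.dll c:\windows\system32\tepidike.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\tepidike.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\tepidike.dll
"""

# "O<number> - <rest>" is the HijackThis entry layout visible in the log above.
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# A drive-letter path ending in .dll or .exe; stops at a double quote or line end.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\r\n]*?\.(?:dll|exe)\b", re.IGNORECASE)

# Sections treated as autostart locations in this example (illustrative choice).
AUTOSTART = {
    "O2": "Browser Helper Object",
    "O4": "Run key / Startup folder",
    "O20": "AppInit_DLLs",
    "O21": "ShellServiceObjectDelayLoad",
    "O22": "SharedTaskScheduler",
}
# Locations counted by the "several places at once" heuristic.
MULTI = {"O4", "O20", "O21", "O22"}


def parse(log_text):
    """Yield (section, lower-cased path, raw line) for every autostart entry."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m or m.group(1) not in AUTOSTART:
            continue
        # One entry can name several files (AppInit_DLLs is space separated).
        for path in PATH_RE.findall(m.group(2)):
            yield m.group(1), path.lower(), line


def triage(log_text):
    """Return {path: sorted list of reasons} for files worth a closer look."""
    sections = defaultdict(set)
    reasons = defaultdict(set)
    for section, path, line in parse(log_text):
        sections[path].add(section)
        lowered = line.lower()
        if section == "O20":
            # AppInit_DLLs are loaded into every process that loads user32.dll.
            reasons[path].add("listed in AppInit_DLLs")
        if section == "O4" and "rundll32" in lowered and path.endswith(".dll"):
            reasons[path].add("Run key starts a DLL through rundll32")
        if section == "O2" and "(no name)" in lowered:
            reasons[path].add("Browser Helper Object without a name")
    for path, seen in sections.items():
        hits = seen & MULTI
        if len(hits) >= 2:
            names = ", ".join(AUTOSTART[s] for s in sorted(hits, key=lambda s: int(s[1:])))
            reasons[path].add(f"registered in {len(hits)} autostart locations: {names}")
    return {path: sorted(r) for path, r in reasons.items()}


if __name__ == "__main__":
    findings = triage(SAMPLE_LOG)
    # Files with the most independent reasons first.
    for path, why in sorted(findings.items(), key=lambda kv: -len(kv[1])):
        print(path)
        for reason in why:
            print("   -", reason)
```

On the sample lines, the file with the most reasons is `tepidike.dll`, which appears under a Run key, AppInit_DLLs, SSODL and SharedTaskScheduler at the same time.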



#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there and sorry for the delay, let's take a fresh and deep look at your system :)

To ensure that I get all the information, this log will need to be attached (instructions at the end). If it is too large to attach, then upload it to Mediafire and post the sharing link.

Download OTScanit2 to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanit folder and double-click on OTScanit.exe to start the program.
  • Check the box that says Scan All Users
  • Check the Radio button for Rootkit check YES
  • Under Additional Scans check the following:
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EventViewer Errors/Warnings (last 10)
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

  • 0

#3
uresai

uresai

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
OTScanIt2.exe starts working, then in the Task Manager I see that it's not responding. Is this normal? Catchme.exe did start scanning while I'm waiting, though.
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It can take up to five minutes to run, and according to Windows it is not responding. If after 10 minutes or so there is no log then come back, but catchme is about the last bit to run.
  • 0

#5
uresai

uresai

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I tried uploading the Notepad report but it's too big to be uploaded.
  • 0

#6
uresai

uresai

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Ohhh, Mediafire. Lmao, sorry, I'll do it now.

Here is the link:

http://www.mediafire...694c250cbec252b

Edited by uresai, 29 December 2008 - 05:33 PM.

  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, I am seeing evidence of the TDSS malware, so I will clean the easy ones with OTScanit and then use another tool to kill the TDSS.

Start OTScanit. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {13d841e2-6a62-437f-9a14-562acc4bf990} [HKLM] -> %SystemRoot%\system32\dasulelo.dll [Reg Error: Value  does not exist or could not be read.]
< Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "bemifidomo" -> %SystemRoot%\system32\hojezeti.dll [Rundll32.exe "C:\WINDOWS\system32\hojezeti.dll",s]
YY -> "CPMfb0ff557" -> %SystemRoot%\system32\segudedu.dll [Rundll32.exe "c:\windows\system32\segudedu.dll",a]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} [HKLM] -> [Reg Error: Key does not exist or could not be opened.]
YN -> {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [HKLM] -> [Reg Error: Key does not exist or could not be opened.]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YY -> C:\WINDOWS\system32\soluwale.dll -> %SystemRoot%\system32\soluwale.dll
YY -> c:\windows\system32\segudedu.dll -> %SystemRoot%\system32\segudedu.dll
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
YY -> "{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}" [HKLM] -> %SystemRoot%\system32\segudedu.dll [SSODL]
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
YY -> "{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}" [HKLM] -> %SystemRoot%\system32\segudedu.dll [STS]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\WINDOWS\system32\64EgSwJ2.exe" -> C:\WINDOWS\system32\64EgSwJ2.exe [C:\WINDOWS\system32\64EgSwJ2.exe:*:Enabled:64EgSwJ2]
[Files/Folders - Created Within 30 Days]
NY -> esefekuv.ini -> %SystemRoot%\System32\esefekuv.ini
NY -> At120.job -> %SystemRoot%\tasks\At120.job
NY -> At119.job -> %SystemRoot%\tasks\At119.job
NY -> At118.job -> %SystemRoot%\tasks\At118.job
NY -> At117.job -> %SystemRoot%\tasks\At117.job
NY -> At116.job -> %SystemRoot%\tasks\At116.job
NY -> At115.job -> %SystemRoot%\tasks\At115.job
NY -> At114.job -> %SystemRoot%\tasks\At114.job
NY -> At113.job -> %SystemRoot%\tasks\At113.job
NY -> At112.job -> %SystemRoot%\tasks\At112.job
NY -> At111.job -> %SystemRoot%\tasks\At111.job
NY -> At110.job -> %SystemRoot%\tasks\At110.job
NY -> At109.job -> %SystemRoot%\tasks\At109.job
NY -> At108.job -> %SystemRoot%\tasks\At108.job
NY -> At107.job -> %SystemRoot%\tasks\At107.job
NY -> At106.job -> %SystemRoot%\tasks\At106.job
NY -> At105.job -> %SystemRoot%\tasks\At105.job
NY -> At104.job -> %SystemRoot%\tasks\At104.job
NY -> At103.job -> %SystemRoot%\tasks\At103.job
NY -> At99.job -> %SystemRoot%\tasks\At99.job
NY -> At98.job -> %SystemRoot%\tasks\At98.job
NY -> At102.job -> %SystemRoot%\tasks\At102.job
NY -> At101.job -> %SystemRoot%\tasks\At101.job
NY -> At97.job -> %SystemRoot%\tasks\At97.job
[Files/Folders - Modified Within 30 Days]
NY -> At91.job -> %SystemRoot%\tasks\At91.job
NY -> At67.job -> %SystemRoot%\tasks\At67.job
NY -> At43.job -> %SystemRoot%\tasks\At43.job
NY -> At19.job -> %SystemRoot%\tasks\At19.job
NY -> At115.job -> %SystemRoot%\tasks\At115.job
NY -> wusagite -> %SystemRoot%\System32\wusagite
NY -> At90.job -> %SystemRoot%\tasks\At90.job
NY -> At66.job -> %SystemRoot%\tasks\At66.job
NY -> At42.job -> %SystemRoot%\tasks\At42.job
NY -> At18.job -> %SystemRoot%\tasks\At18.job
NY -> At114.job -> %SystemRoot%\tasks\At114.job
NY -> esefekuv.ini -> %SystemRoot%\System32\esefekuv.ini
NY -> yulugezu.dll -> %SystemRoot%\System32\yulugezu.dll
NY -> segudedu.dll -> %SystemRoot%\System32\segudedu.dll
NY -> vukefese.dll -> %SystemRoot%\System32\vukefese.dll
NY -> At89.job -> %SystemRoot%\tasks\At89.job
NY -> At65.job -> %SystemRoot%\tasks\At65.job
NY -> At41.job -> %SystemRoot%\tasks\At41.job
NY -> At17.job -> %SystemRoot%\tasks\At17.job
NY -> At113.job -> %SystemRoot%\tasks\At113.job
NY -> At88.job -> %SystemRoot%\tasks\At88.job
NY -> At64.job -> %SystemRoot%\tasks\At64.job
NY -> At40.job -> %SystemRoot%\tasks\At40.job
NY -> At16.job -> %SystemRoot%\tasks\At16.job
NY -> At112.job -> %SystemRoot%\tasks\At112.job
NY -> At87.job -> %SystemRoot%\tasks\At87.job
NY -> At63.job -> %SystemRoot%\tasks\At63.job
NY -> At39.job -> %SystemRoot%\tasks\At39.job
NY -> At15.job -> %SystemRoot%\tasks\At15.job
NY -> At111.job -> %SystemRoot%\tasks\At111.job
NY -> At86.job -> %SystemRoot%\tasks\At86.job
NY -> At62.job -> %SystemRoot%\tasks\At62.job
NY -> At38.job -> %SystemRoot%\tasks\At38.job
NY -> At14.job -> %SystemRoot%\tasks\At14.job
NY -> At110.job -> %SystemRoot%\tasks\At110.job
NY -> At85.job -> %SystemRoot%\tasks\At85.job
NY -> At61.job -> %SystemRoot%\tasks\At61.job
NY -> At37.job -> %SystemRoot%\tasks\At37.job
NY -> At13.job -> %SystemRoot%\tasks\At13.job
NY -> At109.job -> %SystemRoot%\tasks\At109.job
NY -> At84.job -> %SystemRoot%\tasks\At84.job
NY -> At60.job -> %SystemRoot%\tasks\At60.job
NY -> At36.job -> %SystemRoot%\tasks\At36.job
NY -> At12.job -> %SystemRoot%\tasks\At12.job
NY -> At108.job -> %SystemRoot%\tasks\At108.job
NY -> At83.job -> %SystemRoot%\tasks\At83.job
NY -> At59.job -> %SystemRoot%\tasks\At59.job
NY -> At35.job -> %SystemRoot%\tasks\At35.job
NY -> At11.job -> %SystemRoot%\tasks\At11.job
NY -> At107.job -> %SystemRoot%\tasks\At107.job
NY -> At82.job -> %SystemRoot%\tasks\At82.job
NY -> At58.job -> %SystemRoot%\tasks\At58.job
NY -> At34.job -> %SystemRoot%\tasks\At34.job
NY -> At106.job -> %SystemRoot%\tasks\At106.job
NY -> At10.job -> %SystemRoot%\tasks\At10.job
NY -> At9.job -> %SystemRoot%\tasks\At9.job
NY -> At81.job -> %SystemRoot%\tasks\At81.job
NY -> At57.job -> %SystemRoot%\tasks\At57.job
NY -> At33.job -> %SystemRoot%\tasks\At33.job
NY -> At105.job -> %SystemRoot%\tasks\At105.job
NY -> At80.job -> %SystemRoot%\tasks\At80.job
NY -> At8.job -> %SystemRoot%\tasks\At8.job
NY -> At56.job -> %SystemRoot%\tasks\At56.job
NY -> At32.job -> %SystemRoot%\tasks\At32.job
NY -> At104.job -> %SystemRoot%\tasks\At104.job
NY -> At79.job -> %SystemRoot%\tasks\At79.job
NY -> At7.job -> %SystemRoot%\tasks\At7.job
NY -> At55.job -> %SystemRoot%\tasks\At55.job
NY -> At31.job -> %SystemRoot%\tasks\At31.job
NY -> At103.job -> %SystemRoot%\tasks\At103.job
NY -> At78.job -> %SystemRoot%\tasks\At78.job
NY -> At6.job -> %SystemRoot%\tasks\At6.job
NY -> At54.job -> %SystemRoot%\tasks\At54.job
NY -> At30.job -> %SystemRoot%\tasks\At30.job
NY -> At102.job -> %SystemRoot%\tasks\At102.job
NY -> At77.job -> %SystemRoot%\tasks\At77.job
NY -> At53.job -> %SystemRoot%\tasks\At53.job
NY -> At5.job -> %SystemRoot%\tasks\At5.job
NY -> At29.job -> %SystemRoot%\tasks\At29.job
NY -> At101.job -> %SystemRoot%\tasks\At101.job
NY -> At76.job -> %SystemRoot%\tasks\At76.job
NY -> At52.job -> %SystemRoot%\tasks\At52.job
NY -> At4.job -> %SystemRoot%\tasks\At4.job
NY -> At28.job -> %SystemRoot%\tasks\At28.job
NY -> At99.job -> %SystemRoot%\tasks\At99.job
NY -> At75.job -> %SystemRoot%\tasks\At75.job
NY -> At51.job -> %SystemRoot%\tasks\At51.job
NY -> At3.job -> %SystemRoot%\tasks\At3.job
NY -> At27.job -> %SystemRoot%\tasks\At27.job
NY -> At98.job -> %SystemRoot%\tasks\At98.job
NY -> At74.job -> %SystemRoot%\tasks\At74.job
NY -> At50.job -> %SystemRoot%\tasks\At50.job
NY -> At26.job -> %SystemRoot%\tasks\At26.job
NY -> At2.job -> %SystemRoot%\tasks\At2.job
NY -> At1.job -> %SystemRoot%\tasks\At1.job
NY -> At49.job -> %SystemRoot%\tasks\At49.job
NY -> At97.job -> %SystemRoot%\tasks\At97.job
NY -> At73.job -> %SystemRoot%\tasks\At73.job
NY -> At25.job -> %SystemRoot%\tasks\At25.job
NY -> At96.job -> %SystemRoot%\tasks\At96.job
NY -> At72.job -> %SystemRoot%\tasks\At72.job
NY -> At48.job -> %SystemRoot%\tasks\At48.job
NY -> At24.job -> %SystemRoot%\tasks\At24.job
NY -> At120.job -> %SystemRoot%\tasks\At120.job
NY -> At95.job -> %SystemRoot%\tasks\At95.job
NY -> At71.job -> %SystemRoot%\tasks\At71.job
NY -> At47.job -> %SystemRoot%\tasks\At47.job
NY -> At23.job -> %SystemRoot%\tasks\At23.job
NY -> At119.job -> %SystemRoot%\tasks\At119.job
NY -> At94.job -> %SystemRoot%\tasks\At94.job
NY -> At70.job -> %SystemRoot%\tasks\At70.job
NY -> At46.job -> %SystemRoot%\tasks\At46.job
NY -> At22.job -> %SystemRoot%\tasks\At22.job
NY -> At118.job -> %SystemRoot%\tasks\At118.job
NY -> At93.job -> %SystemRoot%\tasks\At93.job
NY -> At69.job -> %SystemRoot%\tasks\At69.job
NY -> At45.job -> %SystemRoot%\tasks\At45.job
NY -> At21.job -> %SystemRoot%\tasks\At21.job
NY -> At117.job -> %SystemRoot%\tasks\At117.job
NY -> At92.job -> %SystemRoot%\tasks\At92.job
NY -> At68.job -> %SystemRoot%\tasks\At68.job
NY -> At44.job -> %SystemRoot%\tasks\At44.job
NY -> At20.job -> %SystemRoot%\tasks\At20.job
NY -> At116.job -> %SystemRoot%\tasks\At116.job
[File - Lop Check]
NY -> At1.job -> C:\WINDOWS\Tasks\At1.job
NY -> At10.job -> C:\WINDOWS\Tasks\At10.job
NY -> At101.job -> C:\WINDOWS\Tasks\At101.job
NY -> At102.job -> C:\WINDOWS\Tasks\At102.job
NY -> At103.job -> C:\WINDOWS\Tasks\At103.job
NY -> At104.job -> C:\WINDOWS\Tasks\At104.job
NY -> At105.job -> C:\WINDOWS\Tasks\At105.job
NY -> At106.job -> C:\WINDOWS\Tasks\At106.job
NY -> At107.job -> C:\WINDOWS\Tasks\At107.job
NY -> At108.job -> C:\WINDOWS\Tasks\At108.job
NY -> At109.job -> C:\WINDOWS\Tasks\At109.job
NY -> At11.job -> C:\WINDOWS\Tasks\At11.job
NY -> At110.job -> C:\WINDOWS\Tasks\At110.job
NY -> At111.job -> C:\WINDOWS\Tasks\At111.job
NY -> At112.job -> C:\WINDOWS\Tasks\At112.job
NY -> At113.job -> C:\WINDOWS\Tasks\At113.job
NY -> At114.job -> C:\WINDOWS\Tasks\At114.job
NY -> At115.job -> C:\WINDOWS\Tasks\At115.job
NY -> At116.job -> C:\WINDOWS\Tasks\At116.job
NY -> At117.job -> C:\WINDOWS\Tasks\At117.job
NY -> At118.job -> C:\WINDOWS\Tasks\At118.job
NY -> At119.job -> C:\WINDOWS\Tasks\At119.job
NY -> At12.job -> C:\WINDOWS\Tasks\At12.job
NY -> At120.job -> C:\WINDOWS\Tasks\At120.job
NY -> At13.job -> C:\WINDOWS\Tasks\At13.job
NY -> At14.job -> C:\WINDOWS\Tasks\At14.job
NY -> At15.job -> C:\WINDOWS\Tasks\At15.job
NY -> At16.job -> C:\WINDOWS\Tasks\At16.job
NY -> At17.job -> C:\WINDOWS\Tasks\At17.job
NY -> At18.job -> C:\WINDOWS\Tasks\At18.job
NY -> At19.job -> C:\WINDOWS\Tasks\At19.job
NY -> At2.job -> C:\WINDOWS\Tasks\At2.job
NY -> At20.job -> C:\WINDOWS\Tasks\At20.job
NY -> At21.job -> C:\WINDOWS\Tasks\At21.job
NY -> At22.job -> C:\WINDOWS\Tasks\At22.job
NY -> At23.job -> C:\WINDOWS\Tasks\At23.job
NY -> At24.job -> C:\WINDOWS\Tasks\At24.job
NY -> At25.job -> C:\WINDOWS\Tasks\At25.job
NY -> At26.job -> C:\WINDOWS\Tasks\At26.job
NY -> At27.job -> C:\WINDOWS\Tasks\At27.job
NY -> At28.job -> C:\WINDOWS\Tasks\At28.job
NY -> At29.job -> C:\WINDOWS\Tasks\At29.job
NY -> At3.job -> C:\WINDOWS\Tasks\At3.job
NY -> At30.job -> C:\WINDOWS\Tasks\At30.job
NY -> At31.job -> C:\WINDOWS\Tasks\At31.job
NY -> At32.job -> C:\WINDOWS\Tasks\At32.job
NY -> At33.job -> C:\WINDOWS\Tasks\At33.job
NY -> At34.job -> C:\WINDOWS\Tasks\At34.job
NY -> At35.job -> C:\WINDOWS\Tasks\At35.job
NY -> At36.job -> C:\WINDOWS\Tasks\At36.job
NY -> At37.job -> C:\WINDOWS\Tasks\At37.job
NY -> At38.job -> C:\WINDOWS\Tasks\At38.job
NY -> At39.job -> C:\WINDOWS\Tasks\At39.job
NY -> At4.job -> C:\WINDOWS\Tasks\At4.job
NY -> At40.job -> C:\WINDOWS\Tasks\At40.job
NY -> At41.job -> C:\WINDOWS\Tasks\At41.job
NY -> At42.job -> C:\WINDOWS\Tasks\At42.job
NY -> At43.job -> C:\WINDOWS\Tasks\At43.job
NY -> At44.job -> C:\WINDOWS\Tasks\At44.job
NY -> At45.job -> C:\WINDOWS\Tasks\At45.job
NY -> At46.job -> C:\WINDOWS\Tasks\At46.job
NY -> At47.job -> C:\WINDOWS\Tasks\At47.job
NY -> At48.job -> C:\WINDOWS\Tasks\At48.job
NY -> At49.job -> C:\WINDOWS\Tasks\At49.job
NY -> At5.job -> C:\WINDOWS\Tasks\At5.job
NY -> At50.job -> C:\WINDOWS\Tasks\At50.job
NY -> At51.job -> C:\WINDOWS\Tasks\At51.job
NY -> At52.job -> C:\WINDOWS\Tasks\At52.job
NY -> At53.job -> C:\WINDOWS\Tasks\At53.job
NY -> At54.job -> C:\WINDOWS\Tasks\At54.job
NY -> At55.job -> C:\WINDOWS\Tasks\At55.job
NY -> At56.job -> C:\WINDOWS\Tasks\At56.job
NY -> At57.job -> C:\WINDOWS\Tasks\At57.job
NY -> At58.job -> C:\WINDOWS\Tasks\At58.job
NY -> At59.job -> C:\WINDOWS\Tasks\At59.job
NY -> At6.job -> C:\WINDOWS\Tasks\At6.job
NY -> At60.job -> C:\WINDOWS\Tasks\At60.job
NY -> At61.job -> C:\WINDOWS\Tasks\At61.job
NY -> At62.job -> C:\WINDOWS\Tasks\At62.job
NY -> At63.job -> C:\WINDOWS\Tasks\At63.job
NY -> At64.job -> C:\WINDOWS\Tasks\At64.job
NY -> At65.job -> C:\WINDOWS\Tasks\At65.job
NY -> At66.job -> C:\WINDOWS\Tasks\At66.job
NY -> At67.job -> C:\WINDOWS\Tasks\At67.job
NY -> At68.job -> C:\WINDOWS\Tasks\At68.job
NY -> At69.job -> C:\WINDOWS\Tasks\At69.job
NY -> At7.job -> C:\WINDOWS\Tasks\At7.job
NY -> At70.job -> C:\WINDOWS\Tasks\At70.job
NY -> At71.job -> C:\WINDOWS\Tasks\At71.job
NY -> At72.job -> C:\WINDOWS\Tasks\At72.job
NY -> At73.job -> C:\WINDOWS\Tasks\At73.job
NY -> At74.job -> C:\WINDOWS\Tasks\At74.job
NY -> At75.job -> C:\WINDOWS\Tasks\At75.job
NY -> At76.job -> C:\WINDOWS\Tasks\At76.job
NY -> At77.job -> C:\WINDOWS\Tasks\At77.job
NY -> At78.job -> C:\WINDOWS\Tasks\At78.job
NY -> At79.job -> C:\WINDOWS\Tasks\At79.job
NY -> At8.job -> C:\WINDOWS\Tasks\At8.job
NY -> At80.job -> C:\WINDOWS\Tasks\At80.job
NY -> At81.job -> C:\WINDOWS\Tasks\At81.job
NY -> At82.job -> C:\WINDOWS\Tasks\At82.job
NY -> At83.job -> C:\WINDOWS\Tasks\At83.job
NY -> At84.job -> C:\WINDOWS\Tasks\At84.job
NY -> At85.job -> C:\WINDOWS\Tasks\At85.job
NY -> At86.job -> C:\WINDOWS\Tasks\At86.job
NY -> At87.job -> C:\WINDOWS\Tasks\At87.job
NY -> At88.job -> C:\WINDOWS\Tasks\At88.job
NY -> At89.job -> C:\WINDOWS\Tasks\At89.job
NY -> At9.job -> C:\WINDOWS\Tasks\At9.job
NY -> At90.job -> C:\WINDOWS\Tasks\At90.job
NY -> At91.job -> C:\WINDOWS\Tasks\At91.job
NY -> At92.job -> C:\WINDOWS\Tasks\At92.job
NY -> At93.job -> C:\WINDOWS\Tasks\At93.job
NY -> At94.job -> C:\WINDOWS\Tasks\At94.job
NY -> At95.job -> C:\WINDOWS\Tasks\At95.job
NY -> At96.job -> C:\WINDOWS\Tasks\At96.job
NY -> At97.job -> C:\WINDOWS\Tasks\At97.job
NY -> At98.job -> C:\WINDOWS\Tasks\At98.job
NY -> At99.job -> C:\WINDOWS\Tasks\At99.job
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log.

I will review the information when it comes back in.

THEN

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3


Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
  • 0

#8
uresai

uresai

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Process Explorer.EXE killed successfully!
[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13d841e2-6a62-437f-9a14-562acc4bf990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13d841e2-6a62-437f-9a14-562acc4bf990}\ deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\dasulelo.dll
C:\WINDOWS\system32\dasulelo.dll NOT unregistered.
C:\WINDOWS\system32\dasulelo.dll moved successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\bemifidomo deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\hojezeti.dll
C:\WINDOWS\system32\hojezeti.dll NOT unregistered.
C:\WINDOWS\system32\hojezeti.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CPMfb0ff557 deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\segudedu.dll
C:\WINDOWS\system32\segudedu.dll NOT unregistered.
C:\WINDOWS\system32\segudedu.dll moved successfully.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\Contains\Files\ not found.
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\Contains\Files\ not found.
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\system32\soluwale.dll deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\soluwale.dll
C:\WINDOWS\system32\soluwale.dll NOT unregistered.
C:\WINDOWS\system32\soluwale.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\segudedu.dll deleted successfully.
File C:\WINDOWS\system32\segudedu.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SSODL deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\ deleted successfully.
File C:\WINDOWS\system32\segudedu.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\ deleted successfully.
File C:\WINDOWS\system32\segudedu.dll not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\64EgSwJ2.exe deleted successfully.
[Files/Folders - Created Within 30 Days]
C:\WINDOWS\System32\esefekuv.ini moved successfully.
C:\WINDOWS\tasks\At120.job moved successfully.
C:\WINDOWS\tasks\At119.job moved successfully.
C:\WINDOWS\tasks\At118.job moved successfully.
C:\WINDOWS\tasks\At117.job moved successfully.
C:\WINDOWS\tasks\At116.job moved successfully.
C:\WINDOWS\tasks\At115.job moved successfully.
C:\WINDOWS\tasks\At114.job moved successfully.
C:\WINDOWS\tasks\At113.job moved successfully.
C:\WINDOWS\tasks\At112.job moved successfully.
C:\WINDOWS\tasks\At111.job moved successfully.
C:\WINDOWS\tasks\At110.job moved successfully.
C:\WINDOWS\tasks\At109.job moved successfully.
C:\WINDOWS\tasks\At108.job moved successfully.
C:\WINDOWS\tasks\At107.job moved successfully.
C:\WINDOWS\tasks\At106.job moved successfully.
C:\WINDOWS\tasks\At105.job moved successfully.
C:\WINDOWS\tasks\At104.job moved successfully.
C:\WINDOWS\tasks\At103.job moved successfully.
C:\WINDOWS\tasks\At99.job moved successfully.
C:\WINDOWS\tasks\At98.job moved successfully.
C:\WINDOWS\tasks\At102.job moved successfully.
C:\WINDOWS\tasks\At101.job moved successfully.
C:\WINDOWS\tasks\At97.job moved successfully.
[Files/Folders - Modified Within 30 Days]
C:\WINDOWS\tasks\At91.job moved successfully.
C:\WINDOWS\tasks\At67.job moved successfully.
C:\WINDOWS\tasks\At43.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
File C:\WINDOWS\tasks\At115.job not found!
C:\WINDOWS\System32\wusagite moved successfully.
C:\WINDOWS\tasks\At90.job moved successfully.
C:\WINDOWS\tasks\At66.job moved successfully.
C:\WINDOWS\tasks\At42.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
File C:\WINDOWS\tasks\At114.job not found!
File C:\WINDOWS\System32\esefekuv.ini not found!
DllUnregisterServer procedure not found in C:\WINDOWS\System32\yulugezu.dll
C:\WINDOWS\System32\yulugezu.dll NOT unregistered.
C:\WINDOWS\System32\yulugezu.dll moved successfully.
File C:\WINDOWS\System32\segudedu.dll not found!
DllUnregisterServer procedure not found in C:\WINDOWS\System32\vukefese.dll
C:\WINDOWS\System32\vukefese.dll NOT unregistered.
C:\WINDOWS\System32\vukefese.dll moved successfully.
C:\WINDOWS\tasks\At89.job moved successfully.
C:\WINDOWS\tasks\At65.job moved successfully.
C:\WINDOWS\tasks\At41.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
File C:\WINDOWS\tasks\At113.job not found!
C:\WINDOWS\tasks\At88.job moved successfully.
C:\WINDOWS\tasks\At64.job moved successfully.
C:\WINDOWS\tasks\At40.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
File C:\WINDOWS\tasks\At112.job not found!
C:\WINDOWS\tasks\At87.job moved successfully.
C:\WINDOWS\tasks\At63.job moved successfully.
C:\WINDOWS\tasks\At39.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
File C:\WINDOWS\tasks\At111.job not found!
C:\WINDOWS\tasks\At86.job moved successfully.
C:\WINDOWS\tasks\At62.job moved successfully.
C:\WINDOWS\tasks\At38.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
File C:\WINDOWS\tasks\At110.job not found!
C:\WINDOWS\tasks\At85.job moved successfully.
C:\WINDOWS\tasks\At61.job moved successfully.
C:\WINDOWS\tasks\At37.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
File C:\WINDOWS\tasks\At109.job not found!
C:\WINDOWS\tasks\At84.job moved successfully.
C:\WINDOWS\tasks\At60.job moved successfully.
C:\WINDOWS\tasks\At36.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
File C:\WINDOWS\tasks\At108.job not found!
C:\WINDOWS\tasks\At83.job moved successfully.
C:\WINDOWS\tasks\At59.job moved successfully.
C:\WINDOWS\tasks\At35.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
File C:\WINDOWS\tasks\At107.job not found!
C:\WINDOWS\tasks\At82.job moved successfully.
C:\WINDOWS\tasks\At58.job moved successfully.
C:\WINDOWS\tasks\At34.job moved successfully.
File C:\WINDOWS\tasks\At106.job not found!
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
C:\WINDOWS\tasks\At81.job moved successfully.
C:\WINDOWS\tasks\At57.job moved successfully.
C:\WINDOWS\tasks\At33.job moved successfully.
File C:\WINDOWS\tasks\At105.job not found!
C:\WINDOWS\tasks\At80.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At56.job moved successfully.
C:\WINDOWS\tasks\At32.job moved successfully.
File C:\WINDOWS\tasks\At104.job not found!
C:\WINDOWS\tasks\At79.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At55.job moved successfully.
C:\WINDOWS\tasks\At31.job moved successfully.
File C:\WINDOWS\tasks\At103.job not found!
C:\WINDOWS\tasks\At78.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At54.job moved successfully.
C:\WINDOWS\tasks\At30.job moved successfully.
File C:\WINDOWS\tasks\At102.job not found!
C:\WINDOWS\tasks\At77.job moved successfully.
C:\WINDOWS\tasks\At53.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At29.job moved successfully.
File C:\WINDOWS\tasks\At101.job not found!
C:\WINDOWS\tasks\At76.job moved successfully.
C:\WINDOWS\tasks\At52.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At28.job moved successfully.
File C:\WINDOWS\tasks\At99.job not found!
C:\WINDOWS\tasks\At75.job moved successfully.
C:\WINDOWS\tasks\At51.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At27.job moved successfully.
File C:\WINDOWS\tasks\At98.job not found!
C:\WINDOWS\tasks\At74.job moved successfully.
C:\WINDOWS\tasks\At50.job moved successfully.
C:\WINDOWS\tasks\At26.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At49.job moved successfully.
File C:\WINDOWS\tasks\At97.job not found!
C:\WINDOWS\tasks\At73.job moved successfully.
C:\WINDOWS\tasks\At25.job moved successfully.
C:\WINDOWS\tasks\At96.job moved successfully.
C:\WINDOWS\tasks\At72.job moved successfully.
C:\WINDOWS\tasks\At48.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
File C:\WINDOWS\tasks\At120.job not found!
C:\WINDOWS\tasks\At95.job moved successfully.
C:\WINDOWS\tasks\At71.job moved successfully.
C:\WINDOWS\tasks\At47.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
File C:\WINDOWS\tasks\At119.job not found!
C:\WINDOWS\tasks\At94.job moved successfully.
C:\WINDOWS\tasks\At70.job moved successfully.
C:\WINDOWS\tasks\At46.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
File C:\WINDOWS\tasks\At118.job not found!
C:\WINDOWS\tasks\At93.job moved successfully.
C:\WINDOWS\tasks\At69.job moved successfully.
C:\WINDOWS\tasks\At45.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
File C:\WINDOWS\tasks\At117.job not found!
C:\WINDOWS\tasks\At92.job moved successfully.
C:\WINDOWS\tasks\At68.job moved successfully.
C:\WINDOWS\tasks\At44.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
File C:\WINDOWS\tasks\At116.job not found!
[File - Lop Check]
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Le Guen\Local Settings\Temp\etilqs_fvZqHgdMErMcTVdL1nln scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Le Guen\Local Settings\Application Data\Mozilla\Firefox\Profiles\hw48b2kv.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Le Guen\Local Settings\Application Data\Mozilla\Firefox\Profiles\hw48b2kv.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Le Guen\Local Settings\Application Data\Mozilla\Firefox\Profiles\hw48b2kv.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Le Guen\Local Settings\Application Data\Mozilla\Firefox\Profiles\hw48b2kv.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Le Guen\Local Settings\Application Data\Mozilla\Firefox\Profiles\hw48b2kv.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Le Guen\Local Settings\Application Data\Mozilla\Firefox\Profiles\hw48b2kv.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt2 by OldTimer - Version 1.0.4.2 fix logfile created on 12302008_133104

Files moved on Reboot...
C:\Documents and Settings\Le Guen\Local Settings\Temp\etilqs_fvZqHgdMErMcTVdL1nln moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\Documents and Settings\Le Guen\Local Settings\Application Data\Mozilla\Firefox\Profiles\hw48b2kv.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Le Guen\Local Settings\Application Data\Mozilla\Firefox\Profiles\hw48b2kv.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Le Guen\Local Settings\Application Data\Mozilla\Firefox\Profiles\hw48b2kv.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Le Guen\Local Settings\Application Data\Mozilla\Firefox\Profiles\hw48b2kv.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Le Guen\Local Settings\Application Data\Mozilla\Firefox\Profiles\hw48b2kv.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Le Guen\Local Settings\Application Data\Mozilla\Firefox\Profiles\hw48b2kv.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:09:29, on 30/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Ares\Ares.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {13d841e2-6a62-437f-9a14-562acc4bf990} - C:\WINDOWS\system32\dasulelo.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [f83cc6cb] rundll32.exe "C:\WINDOWS\system32\wumugaka.dll",b
O4 - HKLM\..\Run: [CPMfb0ff557] Rundll32.exe "c:\windows\system32\fuhiheje.dll",a
O4 - HKLM\..\Run: [bemifidomo] Rundll32.exe "C:\WINDOWS\system32\hojezeti.dll",s
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Download videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.appl...meInstaller.exe
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.updat...b?1213928891812
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safe...wlscbase969.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1155675640768
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1155677157421
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/...O1.cab60096.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - AppInit_DLLs: c:\windows\system32\fuhiheje.dllR nsale.dllLE%to??Lshell32.dllL???? c:\windows\system32\segudedu.dll,C:\WINDOWS\system32\soluwale.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fuhiheje.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fuhiheje.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 8372 bytes

#9
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If you could run ComboFix now, please.

#10
uresai


    Member

  • Topic Starter
  • Member
  • 10 posts
ComboFix is running.

I'll post the log when it's done, with the new hijack.


#11
uresai


    Member

  • Topic Starter
  • Member
  • 10 posts
ComboFix 08-12-29.02 - Le Guen 2008-12-30 14:25:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.255.28 [GMT -5:00]
Lancé depuis: c:\documents and settings\Le Guen\Desktop\Combo-Fix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Le Guen\Local Settings\Temporary Internet Files\firodawyza._sy
c:\documents and settings\Le Guen\Local Settings\Temporary Internet Files\icuhukylo.vbs
c:\program files\INSTALL.LOG
c:\windows\system32\fuhiheje.dll
c:\windows\system32\gum.exe.exe
c:\windows\system32\TDSSbrsr.dat
c:\windows\system32\TDSSosvd.dat
c:\windows\system32\wumugaka.dll
c:\windows\Sysvxd.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys


((((((((((((((((((((((((((((( Fichiers créés du 2008-11-28 au 2008-12-30 ))))))))))))))))))))))))))))))))))))
.

2008-12-30 13:31 . 2008-12-30 13:31 <DIR> d-------- C:\_OTScanIt
2008-12-30 04:47 . 2008-12-30 13:43 1,294,028 ---hs---- c:\windows\system32\akagumuw.ini
2008-12-29 03:38 . 2008-12-29 03:38 <DIR> d-------- C:\VundoFix Backups
2008-12-28 10:49 . 2008-12-28 10:47 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-28 06:26 . 2008-12-28 08:43 <DIR> d-------- c:\program files\Exterminate It!
2008-12-18 00:23 . 2008-12-27 13:06 173 --a------ c:\windows\wininit.ini
2008-12-17 17:11 . 2008-12-17 17:11 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-12-17 17:11 . 2008-12-17 17:11 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-12-17 17:11 . 2008-12-17 17:11 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-12-17 17:11 . 2008-12-17 17:11 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-12-13 20:44 . 2008-12-13 20:44 <DIR> d-------- c:\documents and settings\Le Guen\Application Data\GamesCafe
2008-12-13 20:44 . 2008-12-13 20:44 4,096 --a------ c:\windows\d3dx.dat
2008-12-13 20:43 . 2008-12-13 20:43 <DIR> d-------- c:\program files\Oberon Media
2008-12-13 20:43 . 2008-12-13 20:43 <DIR> d-------- c:\program files\MSN Games
2008-12-13 20:43 . 2008-12-13 21:07 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-09 13:50 . 2008-12-09 13:50 <DIR> d-------- c:\program files\Ares
2008-11-25 00:09 . 2000-06-07 13:02 817,664 --a------ c:\windows\system32\LXSUPMON.EXE
2008-11-25 00:09 . 1999-12-08 13:23 83,456 --a------ c:\windows\system32\lxsmunin.exe
2008-11-25 00:09 . 2000-04-06 14:54 18,646 --a------ c:\windows\system32\lxsupmon.hlp
2008-11-21 16:47 . 2008-11-21 16:47 9,878 --a------ c:\windows\system32\dsm_fr.qm
2008-11-21 16:47 . 2008-11-21 16:47 4,816 --a------ c:\windows\system32\divxsm.tlb
2008-11-21 16:46 . 2008-11-21 16:46 1,044,480 --a------ c:\windows\system32\libdivx.dll
2008-11-21 16:46 . 2008-11-21 16:46 200,704 --a------ c:\windows\system32\ssldivx.dll
2008-11-21 16:44 . 2008-11-21 16:44 161,096 --a------ c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 16:44 . 2008-11-21 16:44 12,288 --a------ c:\windows\system32\DivXWMPExtType.dll
2008-11-13 20:25 . 2008-11-13 20:25 <DIR> d-------- c:\program files\Trend Micro
2008-11-13 02:49 . 2008-11-13 02:49 <DIR> d-------- C:\e2c86fab61b8b6ee784245
2008-11-13 01:15 . 2008-11-13 01:15 <DIR> d-------- c:\documents and settings\Administrator.USER-HJ4V9IO83C\Application Data\Malwarebytes
2008-11-13 00:52 . 2008-11-13 00:52 <DIR> d-------- c:\documents and settings\Administrator.USER-HJ4V9IO83C
2008-11-13 00:22 . 2008-11-13 00:22 <DIR> d-------- c:\documents and settings\Administrator
2008-11-12 18:17 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 18:16 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 18:13 . 2008-11-12 18:44 <DIR> d-------- c:\program files\Windows Defender
2008-11-12 04:25 . 2008-11-12 04:25 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-11-12 03:30 . 2008-11-12 03:30 685,056 --a------ c:\windows\is-COPVN.exe
2008-11-12 03:30 . 2008-11-12 03:30 10,498 --a------ c:\windows\is-COPVN.msg
2008-11-12 03:30 . 2008-11-12 03:30 465 --a------ c:\windows\is-COPVN.lst
2008-11-11 23:23 . 2008-11-11 23:23 <DIR> d-------- c:\program files\Lavasoft
2008-11-11 23:23 . 2008-11-11 23:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-11 23:20 . 2008-11-11 23:20 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-11 20:42 . 2008-11-11 20:42 <DIR> d-------- C:\95596093bb7a2c3cc6098fed1dcd
2008-11-11 20:04 . 2008-11-11 20:04 685,056 --a------ c:\windows\is-VQBLM.exe
2008-11-11 20:04 . 2008-11-11 20:04 10,498 --a------ c:\windows\is-VQBLM.msg
2008-11-11 20:04 . 2008-11-11 20:04 412 --a------ c:\windows\is-VQBLM.lst
2008-11-11 19:41 . 2008-11-11 19:41 685,056 --a------ c:\windows\is-6PIDU.exe
2008-11-11 19:41 . 2008-11-11 19:41 10,498 --a------ c:\windows\is-6PIDU.msg
2008-11-11 19:41 . 2008-11-11 19:41 412 --a------ c:\windows\is-6PIDU.lst
2008-11-11 19:40 . 2008-11-11 19:40 685,056 --a------ c:\windows\is-I7GRC.exe
2008-11-11 19:40 . 2008-11-11 19:40 10,498 --a------ c:\windows\is-I7GRC.msg
2008-11-11 19:40 . 2008-11-11 19:40 412 --a------ c:\windows\is-I7GRC.lst
2008-11-11 19:37 . 2008-11-11 19:37 685,056 --a------ c:\windows\is-HQCU3.exe
2008-11-11 19:37 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-11 19:37 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-11 19:37 . 2008-11-11 19:37 10,498 --a------ c:\windows\is-HQCU3.msg
2008-11-11 19:37 . 2008-11-11 19:37 412 --a------ c:\windows\is-HQCU3.lst
2008-11-11 14:03 . 2008-11-11 14:03 18,443 --a------ c:\windows\avyfikyx.com
2008-11-11 14:03 . 2008-11-11 14:03 18,185 --a------ c:\windows\uqak.scr
2008-11-11 14:03 . 2008-11-11 14:03 18,123 --a------ c:\program files\Common Files\mivekat.exe
2008-11-11 14:03 . 2008-11-11 14:03 17,548 --a------ c:\program files\Common Files\hufubihuwa.bin
2008-11-11 14:03 . 2008-11-11 14:03 16,831 --a------ c:\documents and settings\Le Guen\Application Data\eluxy.pif
2008-11-11 14:03 . 2008-11-11 14:03 15,689 --a------ c:\documents and settings\Le Guen\Application Data\onyruped.bat
2008-11-11 14:03 . 2008-11-11 14:03 15,009 --a------ c:\documents and settings\All Users\Application Data\atumorocep.vbs
2008-11-11 14:03 . 2008-11-11 14:03 14,744 --a------ c:\windows\zycicajozu.lib
2008-11-11 14:03 . 2008-11-11 14:03 12,020 --a------ c:\windows\system32\juhuxon.vbs
2008-11-11 14:03 . 2008-11-11 14:03 11,118 --a------ c:\windows\ariwyvom.ban
2008-11-11 14:03 . 2008-11-11 14:03 11,048 --a------ c:\windows\oxygaxofij._sy
2008-11-11 14:03 . 2008-11-11 14:03 10,173 --a------ c:\windows\system32\ezah.bin

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-30 20:21 --------- d-----w c:\documents and settings\Le Guen\Application Data\OpenOffice.org2
2008-12-30 19:36 --------- d-----w c:\program files\Microsoft Windows OneCare Live
2008-12-28 15:47 --------- d-----w c:\program files\Java
2008-12-28 00:21 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-12-20 04:21 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-12-19 20:27 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-18 01:34 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-15 17:13 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-11 19:19 --------- d-----w c:\program files\DivX
2008-11-21 21:47 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-11-21 21:47 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-11-11 19:03 10,975 ----a-w c:\program files\Common Files\ykofimopah.db
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-19 19:05 780,399 ----a-w C:\krk.exe
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-05 20:02 70,688 ----a-w c:\documents and settings\Le Guen\Application Data\GDIPFONTCACHEV1.DAT
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-25 20:46 61,643 ----a-w c:\windows\system32\hizapego.dll.tmp
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2007-10-22 08:49 867,848 -c--a-w c:\program files\NOV2007_d3dx10_36_x64.cab
2007-10-22 08:49 807,132 -c--a-w c:\program files\NOV2007_d3dx10_36_x86.cab
2007-10-22 08:49 49,392 -c--a-w c:\program files\NOV2007_X3DAudio_x64.cab
2007-10-22 08:49 44,850 -c--a-w c:\program files\dxdllreg_x86.cab
2007-10-22 08:49 21,744 -c--a-w c:\program files\NOV2007_X3DAudio_x86.cab
2007-10-22 08:49 200,010 -c--a-w c:\program files\NOV2007_XACT_x64.cab
2007-10-22 08:49 151,512 -c--a-w c:\program files\NOV2007_XACT_x86.cab
2007-10-22 08:49 1,805,306 -c--a-w c:\program files\NOV2007_d3dx9_36_x64.cab
2007-10-22 08:49 1,712,608 -c--a-w c:\program files\NOV2007_d3dx9_36_x86.cab
2007-02-16 23:26 560 ----a-w c:\documents and settings\Le Guen\Application Data\ViewerApp.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="c:\program files\Ares\Ares.exe" [2008-12-01 882176]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Eraser"="c:\program files\Eraser\Eraser.exe" [2007-12-22 916240]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 1544192]
"LVCOMSX"="c:\windows\System32\LVCOMSX.EXE" [2005-07-19 221184]
"LXSUPMON"="c:\windows\system32\LXSUPMON.EXE" [2000-06-07 817664]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2008-12-03 1265296]
"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2007-04-02 66944]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\2\printray.exe" [2000-06-07 36864]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-28 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 49152]

c:\documents and settings\Le Guen\Start Menu\Programs\Startup\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-01-25 61440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.lsvx"= c:\windows\system32\lsvxdec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\PPLive\\PPLive.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Windows OneCare Live\\winss.exe"=
"c:\\Program Files\\Microsoft Windows OneCare Live\\winssnotify.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14155:TCP"= 14155:TCP:BitComet 14155 TCP
"14155:UDP"= 14155:UDP:BitComet 14155 UDP
"47284:TCP"= 47284:TCP:AresChatServer

.
Contenu du dossier 'Tâches planifiées'

2008-11-11 c:\windows\Tasks\MP Scheduled Quick Scan.job
- c:\program files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe [2006-11-11 10:49]

2008-12-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe [2006-11-11 10:49]

2008-11-11 c:\windows\Tasks\MP Scheduled Signature Update.job
- c:\program files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe [2006-11-11 10:49]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{13d841e2-6a62-437f-9a14-562acc4bf990} - c:\windows\system32\dasulelo.dll
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKLM-Run-bemifidomo - c:\windows\system32\hojezeti.dll


.
------- Examen supplémentaire -------
.
mStart Page = hxxp://www.google.com
IE: Download all links using BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Download link using &BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Download videos using BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\Le Guen\Application Data\Mozilla\Firefox\Profiles\hw48b2kv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://sympatico.msn.ca/?lang=fr-CA
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-CA&FORM=MIMWA1&q=
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-30 15:17:33
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\LexBceS.exe
c:\windows\system32\Lexpps.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
c:\program files\Microsoft Windows OneCare Live\winss.exe
c:\windows\system32\wscntfy.exe
c:\program files\OpenOffice.org 2.0\program\soffice.exe
c:\program files\OpenOffice.org 2.0\program\soffice.bin
.
**************************************************************************
.
Heure de fin: 2008-12-30 15:28:24 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-30 20:28:15

Avant-CF: 10 050 584 576 bytes free
Après-CF: 10,084,614,144 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

257 --- E O F --- 2008-12-22 17:03:09


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:32:21, on 30/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Ares\Ares.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Download videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.appl...meInstaller.exe
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.updat...b?1213928891812
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safe...wlscbase969.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1155675640768
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1155677157421
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/...O1.cab60096.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.5.0_11) -
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 8340 bytes

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Just a few bits to remove now

Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Files
    c:\windows\system32\akagumuw.ini
    C:\e2c86fab61b8b6ee784245
    C:\95596093bb7a2c3cc6098fed1dcd
    c:\windows\oxygaxofij._sy
    c:\windows\ariwyvom.ban
    c:\windows\avyfikyx.com
    c:\windows\uqak.scr
    c:\program files\Common Files\mivekat.exe
    c:\program files\Common Files\hufubihuwa.bin
    c:\documents and settings\Le Guen\Application Data\eluxy.pif
    c:\documents and settings\Le Guen\Application Data\onyruped.bat
    c:\documents and settings\All Users\Application Data\atumorocep.vbs
    c:\windows\zycicajozu.lib
    c:\windows\system32\juhuxon.vbs
    c:\windows\system32\ezah.bin
    
    :Commands
    [purity]
    [emptytemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

THEN

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Logs required: OTMoveIt report, MBAM report and a new HijackThis log. Plus, how is your computer now?

#13
uresai

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
========== FILES ==========
c:\windows\system32\akagumuw.ini moved successfully.
C:\e2c86fab61b8b6ee784245 moved successfully.
C:\95596093bb7a2c3cc6098fed1dcd moved successfully.
c:\windows\oxygaxofij._sy moved successfully.
c:\windows\ariwyvom.ban moved successfully.
c:\windows\avyfikyx.com moved successfully.
c:\windows\uqak.scr moved successfully.
c:\program files\Common Files\mivekat.exe moved successfully.
c:\program files\Common Files\hufubihuwa.bin moved successfully.
c:\documents and settings\Le Guen\Application Data\eluxy.pif moved successfully.
c:\documents and settings\Le Guen\Application Data\onyruped.bat moved successfully.
c:\documents and settings\All Users\Application Data\atumorocep.vbs moved successfully.
c:\windows\zycicajozu.lib moved successfully.
c:\windows\system32\juhuxon.vbs moved successfully.
c:\windows\system32\ezah.bin moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\LEGUEN~1\LOCALS~1\Temp\etilqs_ThksH2X66g0asLRgD4wL scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\LEGUEN~1\LOCALS~1\Temp\Perflib_Perfdata_578.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6cc.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Le Guen\Local Settings\Application Data\Mozilla\Firefox\Profiles\hw48b2kv.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Le Guen\Local Settings\Application Data\Mozilla\Firefox\Profiles\hw48b2kv.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Le Guen\Local Settings\Application Data\Mozilla\Firefox\Profiles\hw48b2kv.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Le Guen\Local Settings\Application Data\Mozilla\Firefox\Profiles\hw48b2kv.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Le Guen\Local Settings\Application Data\Mozilla\Firefox\Profiles\hw48b2kv.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Le Guen\Local Settings\Application Data\Mozilla\Firefox\Profiles\hw48b2kv.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12302008_161314

Files moved on Reboot...
File C:\DOCUME~1\LEGUEN~1\LOCALS~1\Temp\etilqs_ThksH2X66g0asLRgD4wL not found!
File C:\DOCUME~1\LEGUEN~1\LOCALS~1\Temp\Perflib_Perfdata_578.dat not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_6cc.dat not found!
C:\Documents and Settings\Le Guen\Local Settings\Application Data\Mozilla\Firefox\Profiles\hw48b2kv.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Le Guen\Local Settings\Application Data\Mozilla\Firefox\Profiles\hw48b2kv.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Le Guen\Local Settings\Application Data\Mozilla\Firefox\Profiles\hw48b2kv.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Le Guen\Local Settings\Application Data\Mozilla\Firefox\Profiles\hw48b2kv.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Le Guen\Local Settings\Application Data\Mozilla\Firefox\Profiles\hw48b2kv.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Le Guen\Local Settings\Application Data\Mozilla\Firefox\Profiles\hw48b2kv.default\XUL.mfl moved successfully.




Malwarebytes' Anti-Malware 1.31
Database version: 1579
Windows 5.1.2600 Service Pack 3

30/12/2008 16:48:58
mbam-log-2008-12-30 (16-48-58).txt

Scan type: Quick Scan
Objects scanned: 56477
Time elapsed: 11 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Iexplore doesn't open and I don't see any rundll32 either.

I think it worked :) :) :) :) :)

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself so... Download and run this small programme and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that.
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

XP
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point.
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE
You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do some calculation and then display a dialogue box with TABS.
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button; click this.
  • Accept the Warning and select OK again. The program will close and you are done.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?
Keep safe :)

#15
uresai

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
When I try to play my CD I get this error. Do you know why? ( Illegal function call in module AEMN at adress 054A:722F )